making a Debian Live CD for managing GnuPG master key and smartcards
flapflap
flapflap at riseup.net
Wed Apr 27 13:35:17 CEST 2016
MFPA:
> [0] is a How-To for creating an OpenPGP keypair for use with GnuPG on
> an airgapped system (using Tails) and exporting the subkeys for
> day-to-day use. There is a link [1] to a second guide to export the
> subkeys to an OpenPGP smartcard.
I was also about to suggest Tails, so thanks for doing that for me :)
Daniel Pocock:
> The benefit is that everything on the CD is self-contained, it can't be
> tampered with, it can run without network support in the kernel and the
> workflow would be controlled by a script. All the details, including
> workflow, are described in a wiki[2]
Tails can be instructed in the Tails Greeter to disable all network
access [0].
As far as I understand it, Tails unconditionally blacklists the drivers
of all network devices [1]. If network access is enabled in the
Greeter, the blacklist is deleted [2] and the related services are
restarted; if network access is not enabled, the blacklist stays in place.
Yet, Tails might not be what you want because you have a different usage
pattern and threat model in mind. For instance, Tails ships non-free
software (and isn't happy about that) but needs to balance that with the
possibility to run on almost every device a non-tech-savvy user
wants it to boot from (which might not be the case for your use case).
[0] https://tails.boum.org/doc/first_steps/startup_options/offline_mode/index.en.html
[1] https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/80-block-network?id=744ad738707e2527f694bdbe12463ddbdb76ddf0
[2] https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr/local/lib/tails-unblock-network?id=744ad738707e2527f694bdbe12463ddbdb76ddf0
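
A sketch of the driver-blacklisting approach described in the message above, added here as an example; it is not part of the original post and is not Tails' own hook. The function names, the `install ... /bin/false` form and the sample directory tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Tails' hook): names and paths here are assumptions.

# Emit one modprobe.d line per network driver module found under
# <modules_dir>/kernel/drivers/net. "install <mod> /bin/false" makes
# modprobe run /bin/false instead of loading the module; a plain
# "blacklist" line would only stop alias-based autoloading.
gen_net_blacklist() {
    find "$1/kernel/drivers/net" -type f \
        \( -name '*.ko' -o -name '*.ko.*' \) 2>/dev/null |
    while IFS= read -r path; do
        name=${path##*/}       # drop the directory part
        name=${name%%.ko*}     # drop .ko and any compression suffix
        printf 'install %s /bin/false\n' "$name"
    done | sort -u
}

# Print every interface except loopback from a /sys/class/net style
# directory; empty output means no other network interface is present.
non_loopback_ifaces() {
    for entry in "${1:-/sys/class/net}"/*; do
        [ -d "$entry" ] || continue
        name=${entry##*/}
        [ "$name" = lo ] || printf '%s\n' "$name"
    done
}

# Constructed sample tree standing in for /lib/modules/<version> and
# /sys/class/net, so the example runs offline and unprivileged.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/mod/kernel/drivers/net/ethernet" \
             "$d/mod/kernel/drivers/net/wireless" \
             "$d/mod/kernel/drivers/usb" "$d/net/lo" "$d/net/eth0"
    touch "$d/mod/kernel/drivers/net/ethernet/e1000e.ko" \
          "$d/mod/kernel/drivers/net/wireless/iwlwifi.ko.xz" \
          "$d/mod/kernel/drivers/usb/usbcore.ko"
    printf '%s\n' "$d"
}

sample=$(make_sample)
gen_net_blacklist "$sample/mod"    # lines for a modprobe.d .conf file
non_loopback_ifaces "$sample/net"  # what an audit of sysfs would flag
rm -rf "$sample"
```

On a booted offline image, running `non_loopback_ifaces` with no argument reads the real `/sys/class/net`; any name it prints is an interface whose driver was loaded despite the blacklist.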
More information about the Gnupg-users mailing list